Beginning of May, 2 vulnerabilities with exploits were released for DASAN GPON home routers: CVE-2018-10561 and CVE-2018-10562. The first vulnerability allows unauthenticated access to the Internet facing web interface of the router, the second vulnerability allows command injection.

Soon after the disclosure, we started to observe exploit attempts on our servers: